Description
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2178)
WordPress Plugin Neuvoo Jobs Cross-Site Scripting (2.0)
TYPO3 Cryptographic Issues Vulnerability (CVE-2012-3527)
PostgreSQL Integer Overflow or Wraparound Vulnerability (CVE-2023-5869)
WordPress Plugin WP-FB-AutoConnect Multiple Cross-Site Request Forgery Vulnerabilities (4.0.5)